Fake Occupy Central app targets activists with spyware

A fraudulent smartphone app claiming to coordinate the Occupy Central pro-democracy movement has circulated online. The spyware is disguised as an application for Android smartphones or tablets, Code4HK, a group of coders trying to improve government transparency in Hong Kong, said.

Activists first received a link to the application in messages from a phone number unknown to them on Tuesday.

“Check out this Android app designed by Code4HK for the coordination of Occupy Central!” the message read.

Once downloaded and installed the application requests access to information on users’ contacts, browsing history, approximate location, text messages, and phone call history.

Siu Cheong Leung, a senior consultant with the Hong Kong Computer Emergency Response Team Coordination Centre, said suspicious behaviour by the application included recording audio and obtaining the location of the device. “It’s a malware with spy behaviour,” he said.

“On the face it is not suspicious,” he added. “However once it is installed, it will unpack data from itself to install a second mobile app,” which then connects to a server based in South Korea.

Code4HK suggested the application was generic spyware. “I agree it looks quite off the shelf, not specialised for us,” said Vincent Lau Chun-yin, a member of the group.

The group of coders was not able to immediately identify the origin of the spyware. The server hosting the application has a log-in in simplified Chinese predominantly used on the mainland.